III. REMARKS 

Claims 1-2 and 4-39 are pending in this application. By this amendment, claims 1,11, 
18, and 29 have been amended. Applicants are not conceding in this application that those 
claims are not patentable over the art cited by the Office, as the present claim amendments and 
cancellations are only for facilitating expeditious prosecution of the subject matter noted by the 
Office. Applicants do not acquiesce in the correctness of the rejections and reserve the right to 
present specific arguments regarding any rejected claims not specifically addressed. Further, 
Applicants reserve the right to pursue the full scope of the subject matter of the original claims in 
a subsequent patent application that claims priority to the instant application. Reconsideration in 
view of the following remarks is respectfully requested. 

In the Office Action, claims 1, 2, and 4-39 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Levergood et al. (US 5,708,780) in view of Applicant's own alleged admitted 
prior art (AAPA) and further in view of Abdo et al. (US 7,080,404). Applicants traverse the 
rejection on the following grounds. 

With respect to independent claim 1, Applicants assert that Levergood in view of AAPA 
and Abdo does not disclose each and every feature of the claim. For example, Levergood in view 
of AAPA and further in view of Abdo does not disclose, inter alia, "generating a single security 
value for an authenticated user . . . and the security value is a pseudo-random number." See claim 
1 . (Emphasis added). Applicants understand the Office to assert that the SID of Levergood 
allegedly teaches the security value of claim 1 . See Final Office Action, page 3 ("i.e., SID is 
generated for an authenticated user"). However, the Office admits that Levergood fails to teach 
"generating a security value for an authenticated user of the distributed application, wherein 
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every user is authenticated prior to generating the security value and the security value is a 
pseudo-random number." See Office Action, page 4. The Office asserts that Col. 4, lines 18-53 
of Abdo allegedly teaches this feature. Applicants respectfully disagree with the Office's 
assertion. In this section, Abdo discloses "generating and sharing auto-reconnect data . . . [which] 
comprises a session ID number and a first random number. . . . The session ID is a number 
that is associated with the client's current server session and that is unique among currently 
executing sessions. The first random number is a 16-byte number that is generated using a 
cryptographically secure random number generator, and might include pseudo-random numbers." 
See Col. 6, lines 43-53. Applicants contend that the auto-rcconnect data fails to teach the 
features of the security value of claim 1 . 

First, Applicants submit that the auto-reconnect data of Abdo is comprised of two 
different values: the session ID number and the first random number. In sharp contrast, claim 1 
recites "generating a single security value." (Emphasis added). Second, Applicants submit that 
Abdo discloses the auto-reconnect data is for a server session. In contrast, claim 1 recites 
"generating a single security value for an authenticated user." (Emphasis added). 
Accordingly, Applicants maintain that the cited references fail to teach the security value of 
claim 1. 

Applicants also contend that Levergood in view of AAPA and further in view of Abdo 
fails to disclose "determining of the one command is required to be associated with the security 
value; executing the one command if the one command is not required to be associated with the 
security value; and if the one command is required to be associated with the security value: ..." 



10/630,283 



Page 13 of 20 



See claim 1 . Applicants submit that none of the cited references discloses this feature of claim 1 . 
Support for this feature can be found in the Application, paragraph [0026], page 11. 

Furthermore, Applicants submit that Levergood in view of AAPA and further in view of 
Abdo does not provide "preventing execution of the one command if the security value is not 
found with the one command or if there is an error in the security value; and returning an 
error message to the authenticated user if the security value is not found with the one command 
or if there is an error in the security value." See claim 1 . (Emphasis added). The Office 
asserts that Levergood allegedly teaches the feature of preventing execution of the command if 
the security value is not found and returning an error message to the authentication user for 
confirmation before the command is executed. Specifically, the Office points to Col. 5, lines 41- 
49, Col. 6, lines 26-65, and Col. 7, lines 65-47 of Levergood. However, Applicants maintain that 
Levergood fails to teach this feature and submit that Levergood, in addition to AAPA and Abdo, 
does not teach determining there is an error in the SID (which the Office points to as allegedly 
teaching the security value). Accordingly, Applicants assert that the cited references fail to teach 
each and every feature of claim 1 . 

In view of the foregoing, claim 1 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 1 under 35 U.S.C. § 103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 11, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 1 1 recites: 
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"A method for protecting a distributed application user, comprising: . . . 

generating, on a server, a single security value for the authenticated user, 
wherein the security value is a pseudo-random number; . . . 

determining if the one command is required to be associated with the 
security value; 

executing the one command if the one command is not required to be 
associated with the security value; and 

if the one command is required to be associated with the security value: 

checking the one URL for the security value to determine if the one URL 
originated from the authenticated user; 

preventing execution of the command corresponding to the one URL if the 
security value is not found with one URL or if there is an error in the security 
value; and 

returning an error message to the authenticated user if the security value is 
not found with the one URL or if there is an error in the security value, 

wherein the error message prompts the authenticated user for confirmation before 

the one URL can be executed." (Emphasis added). 
For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
method recited in claim 1 1 , including the limitations "generating, on a service, a single security 
value for the authenticated user;" "determining if the one command is required to be associated 
with the security value;" "executing the one command if the one command is not required to be 
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associated with the security value;" and "if there is an error in the security value." Rather, Abdo 
discloses an auto-reconnect data that is comprised of two different values and is for a server 
session. Further, the cited references fail to provide the determining feature and executing 
feature of claim 1 1 and do not disclose "if there is an error in the security value." 

In view of the foregoing, claim 1 1 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 1 1 under 35 U.S.C. §103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 18, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 18 recites: 

"A system for protecting a distributed application user, comprising: . . . 

a security value system for generating a single security value for an 
authenticated user of a distributed application provided on a server, wherein every user 
is authenticated prior to generating the security value and the security value is a pseudo- 
random number; ... 

a command checking system for: 

determining if the one command is required to be associated with the 
security value and executing the one command if the one command is not 
required to be associated with the security value; and 

if the one command is required to be associated with the security 

value: 
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checking one of the set of commands received on the server from 
the authenticated user for the security value to determine if the one 
command originated from the authenticated user, 

preventing execution of the one command if the security value is 
not found with the one command or if there is an error in the security 
value, and 

returning an error message to the authenticated user if the security 
value is not found with the one command or if there is an error in the 
security value, wherein the error message prompts the authenticated user 
for confirmation before the one command can be executed." (Emphasis 
added). 

For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
system recited in claim 18, including the limitations "generating a single security value for an 
authenticated user;" "determining if the one command is required to be associated with the 
security value;" "executing the one command if the one command is not required to be associated 
with the security value;" and "if there is an error in the security value." Rather, Abdo discloses 
an auto-reconnect data that is comprised of two different values and is for a server session. 
Further, the cited references fail to provide the determining feature and executing feature of 
claim 18 and do not disclose "if there is an error in the security value." 

In view of the foregoing, claim 1 8 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
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claim 18 under 35 U.S.C. §103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 29, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 29 recites: 

"A computer program product stored on a computer readable medium for protecting a 
distributed application user, which when executed, comprises: 

program code for generating a single security value for an authenticated user of the 
distributed application provided on a server, wherein every user is authenticated prior to 
generating the security value and the security value is a pseudo-random number; . . . 

program code for determining if the one command is required to be associated with 
the security value; 

program code for executing the one command if the one command is not required to 
be associated with the security value; and 

if the one command is required to be associated with the security value: 

program code for checking one of the set of commands received on the server 
from the authenticated user for the security value to determine if the one command 
originated from the authenticated user, for preventing execution of the one command if 
the security value is not found with the one command or if there is an error in the 
security value, and for returning an error message to the authenticated user if the security 
value is not found with the one command or if there is an error in the security value, 
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wherein the error message prompts the authenticated user for confirmation before the one 
command can be executed." (Emphasis added). 

For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
system recited in claim 29, including the limitations "generating a single security value for an 
authenticated user;" "determining if the one command is required to be associated with the 
security value;" "executing the one command if the one command is not required to be associated 
with the security value;" and "if there is an error in the security value." Rather, Abdo discloses 
an auto-reconnect data that is comprised of two different values and is for a server session. 
Further, the cited references fail to provide the determining feature and executing feature of 
claim 29 and do not disclose "if there is an error in the security value." 

In view of the foregoing, claim 29 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 29 under 35 U.S.C. § 103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With regard to the Office's other arguments regarding dependent claims, Applicant herein 
incorporates the arguments presented above with respect to independent claims listed above. In 
addition, Applicant submits that all dependant claims are allowable based on their own distinct 
features. However, for brevity, Applicant will forego addressing each of these rejections 
individually, but reserves the right to do so should it become necessary. Accordingly, Applicant 
respectfully requests that the Office withdraw its rejection. 
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IV. CONCLUSION 

In light of the above, Applicant respectfully submits that all claims are in condition for 
allowance. Should the Examiner require anything further to place the application in better 
condition for allowance, the Examiner is invited to contact Applicant's undersigned 
representative at the number listed below. 

Respectfully submitted, 



Date: November 3, 2008 /Elaine Chi/ 

Elaine Chi 
Reg. No.: 61,194 

Hoffman Warnick LLC 
75 State Street, 14 th Floor 
Albany, New York 12207 
(518) 449-0044 
(518) 449-0047 (fax) 
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